The American Bear

Sunshine/Lollipops

State and local law enforcement agencies are relying on a wide range of databases of facial imagery, including driver’s licenses and Facebook, to identify suspects. The F.B.I. is developing what it calls its “next generation identification” project to combine its automated fingerprint identification system with facial imagery and other biometric data. … The State Department has what several outside experts say could be the largest facial imagery database in the federal government, storing hundreds of millions of photographs of American passport holders and foreign visa applicants. And the Department of Homeland Security is funding pilot projects at police departments around the country to match suspects against faces in a crowd. … The N.S.A., though, is unique in its ability to match images with huge troves of private communications. N.S.A. Collecting Millions of Faces From Web Images | NYTimes.com

Case Over No-Fly List Takes Bizarre Turn As Gov't Puts Witness On List, Then Denies Having Done So | Techdirt

As you may have heard, there’s a trial going on here in San Francisco about the legality of the complete lack of any sort of due process concerning the US’s “no fly” list. The NY Times has a good background article on the case, which notes that somewhere around 700,000 people appear to be on the list, where there’s basically no oversight of the list and no recourse if you happen to be placed on the list. This lawsuit, by Rahinah Ibrahim, is challenging that.

In that case, a Stanford University Ph.D. student named Rahinah Ibrahim was prevented from boarding a flight at San Francisco International Airport in 2005, and was handcuffed and detained by the police. Ultimately, she was allowed to fly to Malaysia, her home country, but she has been unable to return to the United States because the State Department revoked her student visa.

According to court filings, two agents from the Federal Bureau of Investigation visited Ms. Ibrahim a week before her trip and asked about her religious activities (she is Muslim), her husband and what she might know of a Southeast Asian terrorist organization. A summary of that interview obtained by Ms. Ibrahim’s lawyer includes a code indicating that the visit was related to an international terrorism investigation, but it is not clear what other evidence — like email or phone records — was part of that inquiry.

The Identity Project blog is covering the trial, which kicked off earlier this week with a ridiculous situation, highlighted by BoingBoing. Apparently, one of the people set to testify in the case, Ibrahim’s oldest daughter, Raihan Mustafa Kamal (an American citizen, born in the US), was blocked from boarding her flight to the US to appear at the trial, and told that she was on the no fly list as well. Kamal, a lawyer, was an eyewitness to her mother being blocked from boarding her flight. The US knew that Kamal was set to testify and from all indications, in a move that appears extremely petty, appears to have purposely blocked her from flying to the US. Kamal was directly told by the airline that DHS had ordered them not to let Kamal board. The airline even gave her a phone number for a Customs and Border Patrol office in Miami, telling her to call that concerning her not being able to board.

Judge William Alsup, who is known for his rather no-nonsense approach in court (and his willingness to dig very deep into understanding the issues), quickly noted that this apparent blocking of Kamal was ridiculous, and demanded that the government explain what happened. When they insisted they knew nothing about it, Alsup wasn’t satisfied. Nor was he satisfied with the story they eventually came back with. [READ]

NSA SEXINT is the Abuse You’ve All Been Waiting For | Just Security

In the latest news report based on documents revealed by Edward Snowden, we’ve learned that the NSA creates profiles of porn viewing, online sexual activity and more from its vast database of Internet content and transactional data as part of a plan to harm the reputations of those whom the agency believes are radicalizing others through speeches promoting disfavored—but not necessarily violent—political views. The report— by Glenn Greenwald, Ryan Gallagher and Ryan Grim in the Huffington Post—shows how the NSA proposes to use personal information gleaned from electronic surveillance to blackmail, silence and otherwise marginalize people for advocating “radical” beliefs.

[…] The public and policy makers may hear “foreign intelligence information” and think it means data which helps identify and neutralize people who want to kill Americans, and not that which identifies and undermines peaceable people who merely hold radical, violent or even revolutionary ideas in the eyes of those currently in power.

Of course, intelligence agencies have used embarrassing information against people for their political beliefs in the past. The Federal Bureau of Investigation used recordings it gleaned from bugging Dr. Martin Luther King Jr.’s private quarters to attempt to blackmail him into silence, despite the fact that King unwaveringly supported non-violent means. It was his revolutionary idea of social equality for all races, and his anti-war beliefs, that made him dangerous.

As Bret Max Kaufman, Legal Fellow at the ACLU National Security Project writes:

King was not alone on the government’s long list of targets; he shared marquee billing with boxer Muhammad Ali, humorist Art Buchwald, author Norman Mailer, and even Senator Howard Baker. But the greater scandal was that — as the Church Committee revealed in 1976 — these big names appeared alongside more than one million other Americans, including half a million so-called “subversives.”

Julian Sanchez at the Cato Institute points out another historical example of actual and threatened blackmail:

[FBI Director J. Edgar] Hoover’s right hand Cartha DeLoach proudly reported that the Bureau had learned of a truculent senator caught driving drunk with a “good looking broad.” The senator, DeLoach explained, was promptly made “aware that we had the information, and we never had trouble with him on appropriations since.”

These practices were disgusting, dangerous and abusive then, just as they are now. What’s new is that, in a mass surveillance ecosystem, the scale and scope on which this kind of activity can take place is unprecedented. Once it collects information about hundreds of millions of people in mass, “dossiers” of potentially embarrassing information—or blackmail quality secrets—dirt on anyone is just a few searches away. Intelligence operatives can secretly tar anyone, seemingly at will, since the NSA has the technological capacity, and no one has identified a law which would, if followed, intercede. These abilities, never mind the will to use them, are incompatible with individual freedom and democracy. [read]

FBI, cops put drones aloft without updating privacy guidelines | McClatchy DC

The FBI and numerous other local and federal law enforcement agencies are exploring the use of drones – unmanned aircraft – to conduct surveillance and crime scene examinations without risking the lives of pilots.

But in an interim, partially classified audit report released on Thursday, September 26th, Justice Department Inspector General Michael Horowitz is raising a big caution flag. His audit team asked, in essence, “Did anyone think about Americans’ privacy rights?”

The drones weigh less than 55 pounds, and they can buzz over homes and businesses with cameras trained on activity below. They cost just 25 bucks an hour to operate – a tiny fraction of the $625 hourly cost of choppers and other manned aircraft. Some agencies are experimenting with infrared cameras for nighttime use.

Between 2004, when the Justice Department acquired its first drone, and May of this year, the FBI and three other department components spent $3.7 million buying the drones, 80 percent of the money coming from the bureau, which already has them in use.

The Bureau of Alcohol, Tobacco and Firearms plans to deploy drones soon, while the Drug Enforcement Administration and United States Marshals Service acquired them for testing, but haven’t yet decided to use them domestically, the IG says.

Officials of the FBI and ATF told the auditors they see no need to develop specialized privacy protocols, and they don’t see any practical difference in using the drones for surveillance versus manned aircraft.

But the agency watchdogs concluded that a consistent department policy may be needed for the use of small drones, which can hover covertly in areas where people might expect privacy and remain there far longer than a traditional aircraft could.

N.S.A. Examines Social Networks of U.S. Citizens

The N.S.A. documents show that one of the main tools used for chaining phone numbers and e-mail addresses has the code name Mainway. It is a repository into which vast amounts of data flow daily from the agency’s fiber-optic cables, corporate partners and foreign computer networks that have been hacked.

The documents show that significant amounts of information from the United States go into Mainway. An internal N.S.A. bulletin, for example, noted that in 2011 Mainway was taking in 700 million phone records per day. In August 2011, it began receiving an additional 1.1 billion cellphone records daily from an unnamed American service provider under Section 702 of the 2008 FISA Amendments Act, which allows for the collection of the data of Americans if at least one end of the communication is believed to be foreign.

The overall volume of metadata collected by the N.S.A. is reflected in the agency’s secret 2013 budget request to Congress. The budget document, disclosed by Mr. Snowden, shows that the agency is pouring money and manpower into creating a metadata repository capable of taking in 20 billion “record events” daily and making them available to N.S.A. analysts within 60 minutes.

The spending includes support for the “Enterprise Knowledge System,” which has a $394 million multiyear budget and is designed to “rapidly discover and correlate complex relationships and patterns across diverse data sources on a massive scale,” according to a 2008 document. The data is automatically computed to speed queries and discover new targets for surveillance.

A top-secret document titled “Better Person Centric Analysis” describes how the agency looks for 94 “entity types,” including phone numbers, e-mail addresses and IP addresses. In addition, the N.S.A. correlates 164 “relationship types” to build social networks and what the agency calls “community of interest” profiles, using queries like “travelsWith, hasFather, sentForumMessage, employs.”

A 2009 PowerPoint presentation provided more examples of data sources available in the “enrichment” process, including location-based services like GPS and TomTom, online social networks, billing records and bank codes for transactions in the United States and overseas.

At a Senate Intelligence Committee hearing on Thursday, General Alexander was asked if the agency ever collected or planned to collect bulk records about Americans’ locations based on cellphone tower data. He replied that it was not doing so as part of the call log program authorized by the Patriot Act, but said a fuller response would be classified.

If the N.S.A. does not immediately use the phone and e-mail logging data of an American, it can be stored for later use, at least under certain circumstances, according to several documents.

One 2011 memo, for example, said that after a court ruling narrowed the scope of the agency’s collection, the data in question was “being buffered for possible ingest” later. A year earlier, an internal briefing paper from the N.S.A. Office of Legal Counsel showed that the agency was allowed to collect and store raw traffic, which includes both metadata and content, about “U.S. persons” for up to five years online and for an additional 10 years offline for “historical searches.”

Meet the machines that steal your phone’s data

The National Security Agency’s spying tactics are being intensely scrutinized following the recent leaks of secret documents. However, the NSA isn’t the only US government agency using controversial surveillance methods.

Monitoring citizens’ cell phones without their knowledge is a booming business. From Arizona to California, Florida to Texas, state and federal authorities have been quietly investing millions of dollars acquiring clandestine mobile phone surveillance equipment in the past decade.

Earlier this year, a covert tool called the “Stingray” that can gather data from hundreds of phones over targeted areas attracted international attention. Rights groups alleged that its use could be unlawful. But the same company that exclusively manufactures the Stingray—Florida-based Harris Corporation—has for years been selling government agencies an entire range of secretive mobile phone surveillance technologies from a catalogue that it conceals from the public on national security grounds.

Details about the devices are not disclosed on the Harris website, and marketing materials come with a warning that anyone distributing them outside law enforcement agencies or telecom firms could be committing a crime punishable by up to five years in jail.

These little-known cousins of the Stingray can not only track movements—they can also perform denial-of-service attacks on phones and intercept conversations. Since 2004, Harris has earned more than $40 million from spy technology contracts with city, state, and federal authorities in the US, according to procurement records.

In an effort to inform the debate around controversial covert government tactics, Ars has compiled a list of this equipment by scrutinizing publicly available purchasing contracts published on government websites and marketing materials obtained through equipment resellers. Disclosed, in some cases for the first time, are photographs of the Harris spy tools, their cost, names, capabilities, and the agencies known to have purchased them.

What follows is the most comprehensive picture to date of the mobile phone surveillance technology that has been deployed in the US over the past decade. [more]

US and UK spy agencies defeat privacy and security on the internet | James Ball, Julian Borger, and Glenn Greenwald

US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails, according to top-secret documents revealed by former contractor Edward Snowden.

The files show that the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments.

The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – “the use of ubiquitous encryption across the internet”.

Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with “brute force”, and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves.

Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software.

The files, from both the NSA and GCHQ, were obtained by the Guardian, and the details are being published today in partnership with the New York Times and ProPublica. They reveal:

• A 10-year NSA program against encryption technologies made a breakthrough in 2010 which made “vast amounts” of data collected through internet cable taps newly “exploitable”.

• The NSA spends $250m a year on a program which, among other goals, works with technology companies to “covertly influence” their product designs.

• The secrecy of their capabilities against encryption is closely guarded, with analysts warned: “Do not ask about or speculate on sources or methods.”

• The NSA describes strong decryption programs as the “price of admission for the US to maintain unrestricted access to and use of cyberspace”.

• A GCHQ team has been working to develop ways into encrypted traffic on the “big four” service providers, named as Hotmail, Google, Yahoo and Facebook. [read]

[D]ocuments show that the [National Security] agency has already achieved another of the goals laid out in the budget request: to influence the international standards upon which encryption systems rely.

Independent security experts have long suspected that the NSA has been introducing weaknesses into security standards, a fact confirmed for the first time by another secret document. It shows the agency worked covertly to get its own version of a draft security standard issued by the US National Institute of Standards and Technology approved for worldwide use in 2006.

'Eventually, NSA became the sole editor,' the document states.

US and UK spy agencies defeat privacy and security on the internet

Drug Agents Use Vast Phone Trove Eclipsing N.S.A.’s | NYT

For at least six years, law enforcement officials working on a counternarcotics program have had routine access, using subpoenas, to an enormous AT&T database that contains the records of decades of Americans’ phone calls — parallel to but covering a far longer time than the National Security Agency’s hotly disputed collection of phone call logs.

The Hemisphere Project, a partnership between federal and local drug officials and AT&T that has not previously been reported, involves an extremely close association between the government and the telecommunications giant.

The government pays AT&T to place its employees in drug-fighting units around the country. Those employees sit alongside Drug Enforcement Administration agents and local detectives and supply them with the phone data from as far back as 1987.

The project comes to light at a time of vigorous public debate over the proper limits on government surveillance and on the relationship between government agencies and communications companies. It offers the most significant look to date at the use of such large-scale data for law enforcement, rather than for national security.

The scale and longevity of the data storage appears to be unmatched by other government programs, including the N.S.A.’s gathering of phone call logs under the Patriot Act. The N.S.A. stores the data for nearly all calls in the United States, including phone numbers and time and duration of calls, for five years. Unlike the N.S.A. data, the Hemisphere data includes information on the locations of callers.

Hemisphere covers every call that passes through an AT&T switch — not just those made by AT&T customers — and includes calls dating back 26 years, according to Hemisphere training slides bearing the logo of the White House Office of National Drug Control Policy. Some four billion call records are added to the database every day, the slides say; technical specialists say a single call may generate more than one record.

The slides were given to The New York Times by Drew Hendricks, a peace activist in Port Hadlock, Wash. He said he had received the PowerPoint presentation, which is unclassified but marked “Law enforcement sensitive,” in response to a series of public information requests to West Coast police agencies.

The program was started in 2007, according to the slides, and has been carried out in great secrecy.

“All requestors are instructed to never refer to Hemisphere in any official document,” one slide says. A search of the Nexis database found no reference to the program in news reports or Congressional hearings.

The Obama administration acknowledged the extraordinary scale of the Hemisphere database and the unusual embedding of AT&T employees in government drug units in three states.

New Research Supports the Notion That There Is No Such Thing As A Consensual Police Encounter

letterstomycountry:

In his 1999 book No Equal Justice, David Cole quoted Judge Marshall of the Northern District of Illinois:

Few of us, [confronted by] armed police officers…would feel free to tell the officers to mind their own business. … Implicit in the introduction of the [officer’s badge] … is a show of authority to which the average person encountered will feel obliged to stop and respond. Few will feel that they can walk away or refuse an answer.

I’ve spent the last three years of my life studying police misconduct and criminal defense, and even I get nervous when a police officer approaches me or pulls me over. The knowledge that legally, he or she has the right to control my body or kill me is enormously unsettling. The knowledge that he or she can also make my life miserable if I question their legal authority also quiets my actions. For most people, it’s just simply not worth the effort to put up a fight, even if you think the officer is dead wrong.

When someone with a gun and a legal monopoly on the legitimate use of violence enters your personal space, the parameters of ordinary human conduct change. The Supreme Court’s hilarious legal fiction that people are free to walk away from police officers who simply approach them for questioning is absurd. For a sample, here’s Justice Alito, writing for the Court in Kentucky v. King, 131 S. Ct. 1849 (2011):

When law enforcement officers who are not armed with a warrant knock on a door, they do no more than any private citizen might do…the occupant has no obligation to open the door or to speak…and even if an occupant chooses to open the door and speak with the officers, the occupant need not allow the officers to enter the premises and may refuse to answer any questions at any time. Occupants who choose not to stand on their constitutional rights but instead elect to attempt to destroy evidence have only themselves to blame for the warrantless exigent-circumstances search that may ensue.

To be frank, this is a big heaping pile of bullshit. Technically speaking, it is a correct statement of the law. Practically speaking, this is not how most interactions with police go: if you put up a fuss, or “assert your rights,” you’re liable to get treated more harshly. The officer might “notice” a few more violations on your vehicle. They can claim that you tried to assault them when you shut the door in their face. There are any number of ways they can make your life hell for not just going along to get along.

Everybody knows this to one degree or another. Which is why the average person gets scared when they see a police cruiser in their rear-view mirror, even if the cruiser’s lights aren’t flashing. It’s why even the most hardcore individuals often become submissive when a cop shows up at their door. When the other person has a gun and the force of law on their side, you’re bound to act differently than you otherwise would. It’s crazy that we need research to support this. But that’s what happens when you have a Supreme Court with literally zero former criminal defense attorneys on the bench.

Electronic Frontier Foundation Victory Results in Release of Secret Court Opinion Finding NSA Surveillance Unconstitutional

Update: In response to EFF’s FOIA lawsuit, the government has released the 2011 FISA court opinion ruling some NSA surveillance unconstitutional.

For over a year, EFF has been fighting the government in federal court to force the public release of an 86-page opinion of the secret Foreign Intelligence Surveillance Court (FISC). Issued in October 2011, the secret court’s opinion found that surveillance conducted by the NSA under the FISA Amendments Act was unconstitutional and violated “the spirit of” federal law.

Today, EFF can declare victory: a federal court ordered the government to release records in our litigation, the government has indicated it intends to release the opinion today, and ODNI has called a 3:00 ET press conference to discuss “issues” with FISA Amendments Act surveillance, which we assume will include a discussion of the opinion.

It remains to be seen how much of the opinion the government will actually make available to the public. President Obama has repeatedly said he welcomes a debate on the NSA’s surveillance: disclosing this opinion—and releasing enough of it so that citizens and advocates can intelligently debate the constitutional violation that occurred—is a critical step in ensuring that an informed debate takes place.

Here are examples of documents previously released by the administration in response to our Freedom of Information Act request. Anything even resembling those “releases” would be utterly unacceptable today. But we’ve come a long way since then—it took filing a lawsuit; litigating (and winning) in the FISC itself; the unprecedented public release of information about NSA surveillance activities; and our continuing efforts to push the government in the district court for release of the opinion.

Release of the opinion today is just one step in advancing a public debate on the scope and legality of the NSA’s domestic surveillance programs. EFF will keep fighting until the NSA’s domestic surveillance program is reined in, federal surveillance laws are amended to prevent these kinds of abuse from happening in the future, and government officials are held accountable for their actions.

New Details Show Broader NSA Surveillance Reach (2) | WSJ

… Blarney was in use before the 2001 terror attacks, operating at or near key fiber-optic landing points in the U.S. to capture foreign communications coming in and out of the country. One example is an AT&T facility in San Francisco that was revealed in 2006 during the debate over warrantless wiretapping. A similar facility was built at an AT&T site in New Jersey, former officials say.

After the 2001 attacks, a former official says, these intercept systems were expanded to include key Internet networks within the U.S. through partnerships with U.S. Internet backbone providers. Amid fears of terrorist “sleeper cells” inside the U.S., the government under President George W. Bush also began redefining how much domestic data it could collect.

For the 2002 Winter Olympics in Salt Lake City, officials say, the Federal Bureau of Investigation and NSA arranged with Qwest Communications International Inc. to use intercept equipment for a period of less than six months around the time of the event. It monitored the content of all email and text communications in the Salt Lake City area.

At that point, the systems fed into the Bush administration’s program of warrantless wiretapping, which circumvented the surveillance court on the authority of the president’s power as commander in chief. The Bush administration came under criticism from lawmakers and civil libertarians for sidestepping court supervision.

The current legal backing for Blarney and its related programs stems from a section of a 2008 surveillance law. It permits the government, for foreign intelligence investigations, to snoop on foreigners “reasonably believed” to be outside the U.S.

Previously, the law had tighter standards. It allowed the government to spy on people if there were “probable cause” to believe they were an “agent of a foreign power.”

NSA has discretion on setting its filters, and the system relies significantly on self-policing. This can result in improper collection that continues for years.

New Details Show Broader NSA Surveillance Reach | WSJ

[…] One U.S. official says the agency doesn’t itself “access” all the traffic within the surveillance system. The agency defines access as “things we actually touch,” this person says, pointing out that the telecom companies do the first stage of filtering.

The surveillance system is built on relationships with telecommunications carriers that together cover about 75% of U.S. Internet communications. They must hand over what the NSA asks for under orders from the secret Foreign Intelligence Surveillance Court. The firms search Internet traffic based on the NSA’s criteria, current and former officials say.

Verizon Communications Inc., for example, has placed intercepts in the largest U.S. metropolitan areas, according to one person familiar with the technology. It isn’t clear how much information these intercepts send to the NSA. A Verizon spokesman declined to comment.

Not all telecommunications providers handle the government demands the same way, says the person familiar with the legal process. According to a U.S. official, lawyers at telecom companies serve as checks on what the NSA receives. “The providers are independently deciding what would be responsive,” the official says.

… The person [we interviewed] says talks between the government and different telecoms about what constitutes foreign communications have “been going on for some years,” and that some in the industry believe the law is unclear on Internet traffic. “Somebody should enunciate a rule,” this person says.

… Mr. Obama and top intelligence officials say NSA’s programs are overseen by all three branches of government, citing procedures approved by the secret surveillance court that require the NSA to eliminate “incidentally acquired” data on Americans. “If you say, ‘We don’t want the NSA to be scanning large amounts of traffic,’ you’re saying you don’t want it to do its job,” says one former official.

Blarney, Fairview, Oakstar, Lithium and Stormbrew were mentioned, but not fully explained, in documents released by Mr. Snowden. An NSA paper released this month mentioned several but didn’t describe them beyond saying, “The government compels one or more providers to assist NSA with the collection of information responsive to the foreign intelligence need.”

The system is built with gear made by Boeing Co.’s Narus subsidiary, which makes filtering technology, and Internet hardware manufacturers Cisco Systems Inc. and Juniper Networks Inc., among other companies, according to former intelligence officials and industry figures familiar with the equipment.

Narus didn’t respond to requests for comment. Cisco and Juniper declined to comment.